GSTN strengthens walls to keep out cyber criminals

When the Goods and Services Tax Network (GSTN), which is in charge of the technological infrastructure for the new tax regime, opened its portal to allow taxpayers to register themselves last November, it saw a Distributed Denial of Service (DDoS) attack aimed at disrupting services.Mugdha Variyar | ET Bureau | May 30, 2017, 09:07 IST

The government of India presently has 24.5 per cent stake in GSTN while state governments together hold another 24.5 per cent.When the Goods and Services Tax Network (GSTN), which is in charge of the technological infrastructure for the new tax regime, opened its portal to allow taxpayers to register themselves last November, it saw a Distributed Denial of Service (DDoS) attack aimed at disrupting services.

With the impending rollout of GST, the GSTN is seeing several types of cyber threats and is preparing to ward them off. Concerns of cyber security have heightened after the recent ransomware attack . The attack and the subsequent plans to build a cyber security unit was confirmed by two sources.

“There were attempts from countries such as Pakistan and China to swarm the system through a DDoS attack and bring it down. The GSTN was able to ward off the attack and ensure the system was not disrupted," said one source directly aware of the development.

Another cyber attack the GSTN system has seen is the Cross-Site Request Forgery (CSRF), an attack wherein a malware creates a Trojan which can execute unwanted actions from the user's end.The GSTN did not respond to specific queries about cyber security threats.

“The biggest threat to the GSTN that could have financial implications is a DDoS attack. Given the importance of the GSTN to the government, I am sure they will definitely be implementing the best securi ty framework to protect the data along with the highest possible encryption," said Rajesh Maurya, regional VP, India & SAARC, at Fortinet, a global cyber security company.

The GSTN is preparing for other cyber attacks such as Man-in-the-Middle (MITM) and Clickjacking, said the source cited above.

“It's also important that companies offering GST solutions ensure SSL pinning (meant for encryption of data) to their GST applications to prevent MITM attacks," said Akshat Jain of cybersecurity firm Cyware.

Himanshu Jain, the CEO of LegalRaasta which is building a GST solution and has also applied to become a GST Suvidha Provider (GSP), said it has integrated SSL in both its website and app.

Cyware's Jain said Clickjacking, wherein a user is tricked into clicking on a false link, may not be a major concern for GST. He said proper awareness by GSTN and GSPs about their correct website links could help prevent taxpayers from being misled into wrong URLs.